Skip to navigation

Security Advisory Critical: firefox security update

Advisory: RHSA-2010:0556-1
Type: Security Advisory
Severity: Critical
Issued on: 2010-07-23
Last updated on: 2010-07-23
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-2755

Details

Updated firefox and xulrunner packages that fix a security issue are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

An invalid free flaw was found in Firefox's plugin handler. Malicious web
content could result in an invalid memory pointer being freed, causing Firefox
to crash or, potentially, execute arbitrary code with the privileges of the user
running the Firefox application. (CVE-2010-2755)

All Firefox users should upgrade to these updated packages, which contain a
backported patch that corrects this issue. After installing the update, Firefox
must be restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
xulrunner-1.9.2.7-3.el5.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: 8b7f58bf43918f895db54af30c55d67f
SHA-256: 4876544f61ecddb395f85746f95c7720d304d265c25c9fa28781732561505bd4
 
IA-32:
xulrunner-devel-1.9.2.7-3.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: 375f7f171e735be805d133cb15017724
SHA-256: aa030efd45087ed01d34eeb546b5cdbf5d7dc8f701e968318f7266365e4903e4
 
x86_64:
xulrunner-devel-1.9.2.7-3.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: 375f7f171e735be805d133cb15017724
SHA-256: aa030efd45087ed01d34eeb546b5cdbf5d7dc8f701e968318f7266365e4903e4
xulrunner-devel-1.9.2.7-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: eaa02e800d11a5d51a9c227b4de5a5af
SHA-256: e961238e9129bbd78edd34a6098d6b9df1d90cd5b281bc406feee354ba11f92f
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
firefox-3.6.7-3.el5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: a893f4d2839e633627368b55041f2d3e
SHA-256: ea5177d5f7dac46131a596cd7839340311d6c8111314ee977e5a325575d6969b
xulrunner-1.9.2.7-3.el5.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: 8b7f58bf43918f895db54af30c55d67f
SHA-256: 4876544f61ecddb395f85746f95c7720d304d265c25c9fa28781732561505bd4
 
IA-32:
firefox-3.6.7-3.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 56e3eab27344bd354efb3e9b65047ebc
SHA-256: 6545595a08785384c2918788ee1afd2f957bda428b5014ba71fe530e6090f34b
xulrunner-1.9.2.7-3.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: a0a7c16d74c3831ccf6d3b3886220b71
SHA-256: 85a11fcf2681a0a9a07ffcc592f761c3ea1b773862c3517bee2d93496c3f1ec2
xulrunner-devel-1.9.2.7-3.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: 375f7f171e735be805d133cb15017724
SHA-256: aa030efd45087ed01d34eeb546b5cdbf5d7dc8f701e968318f7266365e4903e4
 
IA-64:
firefox-3.6.7-3.el5.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 994b7fc8c06e8b1bf1463f0dd3d76f22
SHA-256: 564842d0ca07f2a88b88a29ede44fab90d3b87981358d04a33db2bc33d7a629a
xulrunner-1.9.2.7-3.el5.ia64.rpm
File outdated by:  RHSA-2013:1476
    MD5: c90fc03d96f100636f9cdfb92706e6e3
SHA-256: 7baacb67eaa9cab3ed7d6ec34eeb695342143b50f2cf98963bbf564280d7d492
xulrunner-devel-1.9.2.7-3.el5.ia64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 2b8c2658ba9198ceb0a9fb4387a6c025
SHA-256: aff1c50e0110ade1640959992b53decae54611dac057e036cff596dd17460b26
 
PPC:
firefox-3.6.7-3.el5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: 95d5c8b963f3ca3383ee48122058fb48
SHA-256: a8aca6956c785ed01d4272090c1fda6cbb4e0081de02958027c16b4249c0a728
xulrunner-1.9.2.7-3.el5.ppc.rpm
File outdated by:  RHSA-2013:1476
    MD5: 35e5e56c6a2ebe1df479beee6402d7af
SHA-256: e464f9e1fc65d48804252c3add5d2dfce3240533639f818d30c94986310bfd77
xulrunner-1.9.2.7-3.el5.ppc64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 76fad5ccf7e7ab5b446fc50aedefc024
SHA-256: 1554afdd0feacbdfe60e0df7f5d9a9a7d2f327a0c9f699be0a7fd16ce87617c8
xulrunner-devel-1.9.2.7-3.el5.ppc.rpm
File outdated by:  RHSA-2013:1476
    MD5: 88d9208e1cd6a1b141d03caa65005592
SHA-256: 8f20ef0414e3e1bb73051456ff7d809b6d81cff3ec8970cd34ea5e599ea964e3
xulrunner-devel-1.9.2.7-3.el5.ppc64.rpm
File outdated by:  RHSA-2013:1476
    MD5: 45b5f00870b18ab5467a9d0ec9bb5a10
SHA-256: 94f583122862eb11568a909eb9eed96bfafc1715621fc1651d0c9416851ab49d
 
s390x:
firefox-3.6.7-3.el5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: 48ae375a61ce107d1210757d03ebed96
SHA-256: ed67da57a7fd8f15a4a2e41a77b0d6dfbd3818b495fa4670a227bd9689cfe4e4
firefox-3.6.7-3.el5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 3718d4155a24161d71def6101ce8dce5
SHA-256: 8f949dbca84c9e297e0b130ad911674247d5d2f8cf9d0c42db280b6f887a064e
xulrunner-1.9.2.7-3.el5.s390.rpm
File outdated by:  RHSA-2013:1476
    MD5: 635083f0684cc45a31f6360a31cafeaf
SHA-256: 3d4adf262844cb0479144033dc44252c972b9cdf0a8e459a4a050416d9eba0f9
xulrunner-1.9.2.7-3.el5.s390x.rpm
File outdated by:  RHSA-2013:1476
    MD5: ad3c46b14a160cba0ab6e63bb7379f89
SHA-256: 46832c45c8ecbf28f7d10f88deac2a3d8ac6fe22f5922cdcc3218d191b11dd71
xulrunner-devel-1.9.2.7-3.el5.s390.rpm
File outdated by:  RHSA-2013:1476
    MD5: f7f7f02a72633682bebaf44c0f3ac073
SHA-256: e0bc58faececa2c9b342a217a18bae1a1711e0688b651617dbd034ebd77cb9d5
xulrunner-devel-1.9.2.7-3.el5.s390x.rpm
File outdated by:  RHSA-2013:1476
    MD5: dbfc62755a320e891316fbd0c6e9a447
SHA-256: 628418596ab7a954aba208d74720ad8a0f8cc482dbbb1a148fcfff29b8f7c74d
 
x86_64:
firefox-3.6.7-3.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 56e3eab27344bd354efb3e9b65047ebc
SHA-256: 6545595a08785384c2918788ee1afd2f957bda428b5014ba71fe530e6090f34b
firefox-3.6.7-3.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: be1a32f6293169a58df1e19033773645
SHA-256: 083726c99cad290f17d967233a98dc1b69b38653ed189577c56262e47e88b9c3
xulrunner-1.9.2.7-3.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: a0a7c16d74c3831ccf6d3b3886220b71
SHA-256: 85a11fcf2681a0a9a07ffcc592f761c3ea1b773862c3517bee2d93496c3f1ec2
xulrunner-1.9.2.7-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: b26c703a255d5169c567c9e4c384c4cb
SHA-256: 9f580886c05f6074d949dba01cc5bd4bbfda3f624aa255cffb63f456f1de0d1c
xulrunner-devel-1.9.2.7-3.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: 375f7f171e735be805d133cb15017724
SHA-256: aa030efd45087ed01d34eeb546b5cdbf5d7dc8f701e968318f7266365e4903e4
xulrunner-devel-1.9.2.7-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: eaa02e800d11a5d51a9c227b4de5a5af
SHA-256: e961238e9129bbd78edd34a6098d6b9df1d90cd5b281bc406feee354ba11f92f
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
firefox-3.6.7-3.el5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: a893f4d2839e633627368b55041f2d3e
SHA-256: ea5177d5f7dac46131a596cd7839340311d6c8111314ee977e5a325575d6969b
xulrunner-1.9.2.7-3.el5.src.rpm
File outdated by:  RHSA-2013:1476
    MD5: 8b7f58bf43918f895db54af30c55d67f
SHA-256: 4876544f61ecddb395f85746f95c7720d304d265c25c9fa28781732561505bd4
 
IA-32:
firefox-3.6.7-3.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 56e3eab27344bd354efb3e9b65047ebc
SHA-256: 6545595a08785384c2918788ee1afd2f957bda428b5014ba71fe530e6090f34b
xulrunner-1.9.2.7-3.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: a0a7c16d74c3831ccf6d3b3886220b71
SHA-256: 85a11fcf2681a0a9a07ffcc592f761c3ea1b773862c3517bee2d93496c3f1ec2
 
x86_64:
firefox-3.6.7-3.el5.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 56e3eab27344bd354efb3e9b65047ebc
SHA-256: 6545595a08785384c2918788ee1afd2f957bda428b5014ba71fe530e6090f34b
firefox-3.6.7-3.el5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: be1a32f6293169a58df1e19033773645
SHA-256: 083726c99cad290f17d967233a98dc1b69b38653ed189577c56262e47e88b9c3
xulrunner-1.9.2.7-3.el5.i386.rpm
File outdated by:  RHSA-2013:1476
    MD5: a0a7c16d74c3831ccf6d3b3886220b71
SHA-256: 85a11fcf2681a0a9a07ffcc592f761c3ea1b773862c3517bee2d93496c3f1ec2
xulrunner-1.9.2.7-3.el5.x86_64.rpm
File outdated by:  RHSA-2013:1476
    MD5: b26c703a255d5169c567c9e4c384c4cb
SHA-256: 9f580886c05f6074d949dba01cc5bd4bbfda3f624aa255cffb63f456f1de0d1c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

617657 - CVE-2010-2755 Mozilla arbitrary free flaw


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/